Tenda AC18 HTTP Request SetDlnaCfg sprintf stack-based overflow

Tenda AC18 tenda ac18_firmware

Tenda AC18 HTTP Request GetParentControlInfo strcpy stack-based overflow

Tenda AC18 tenda ac18_firmware

Campcodes Complete Online Beauty Parlor Management System bwdates-reports-details.php cross site scripting

Campcodes Complete Online Beauty Parlor Management System campcodes complete_online_beauty_parlor_management_system

Web to SugarCRM Lead <= 1.0.0 - Cross-Site Request Forgery to Custom Field Deletion

dipesh_patel Web to SugarCRM Lead

Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

ultimatemember Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin

Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.120 - Authenticated (Admin+) Arbitrary Directory Creation

wpvividplugins Migration, Backup, Staging – WPvivid Backup & Migration

Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting

wpchill Image Photo Gallery Final Tiles Grid

Product Table for WooCommerce <= 5.0.8 - Reflected Cross-Site Scripting

codersaiful Product Table for WooCommerce

ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting

elextensions ELEX WordPress HelpDesk & Customer Ticketing System

Campcodes Complete Online Beauty Parlor Management System view-appointment.php sql injection

Campcodes Complete Online Beauty Parlor Management System campcodes complete_online_beauty_parlor_management_system

Yealink RPS before 2025-06-27 allows unauthorized access to information, including AutoP URL address...

Yealink RPS

Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX <= 5.0.3 - Missing Authorization to Unauthenticated Sensitive Information Exposure

wpxpo Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX

Tainacan <= 1.0.1 - Missing Authorization to Unauthenticated Arbitrary Metadata Section Creation

tainacan Tainacan

WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute

hasthemes WC Builder – WooCommerce Page Builder for WPBakery

WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute

htplugins WishSuite – Wishlist for WooCommerce

Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode

livecomposer Live Composer – Free WordPress Website Builder

Frontend Post Submission Manager Lite <= 1.2.5 - Missing Authorization to Unauthenticated Arbitrary Post Modification

wpshuffle Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin

Five Star Restaurant Reservations – WordPress Booking Plugin <= 2.7.5 - Unauthenticated Stored Cross-Site Scripting

rustaurius Five Star Restaurant Reservations – WordPress Booking Plugin

WordPress WP Affiliate Disclosure plugin <= 1.2.6 - Broken Access Control + CSRF vulnerability

mojofywp WP Affiliate Disclosure

WordPress HappyFiles Pro plugin <= 1.8.1 - Broken Access Control vulnerability

HappyFiles HappyFiles Pro